General
Target: 4762443715870720.zip
Size: 335KB
Sample: 211216-m8b8rabhg2
MD5: 6e02c9b26dea38a588ebcff3c95350dd
SHA1: 492fc0e21065372871c4561cd5557c95a565f498
SHA256: 17767de1728ccf87bcae03ab23dcd0e66baec5f83dad6bdaef9a7f18f1be2ea9
SHA512: 361548edc7c0331a4544c8a59db28542228a5c33afc6ebff259b93432eff29c2490e7d9b49dabb4e728651822537ce317e997d08a7982bc228e55bd7581865d9
Static task: static1
Behavioral task: behavioral1
Sample: 9f190c1de8754a221279cf53d11e5dc2861aaa73811c30ae5a305185b7285513.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 9f190c1de8754a221279cf53d11e5dc2861aaa73811c30ae5a305185b7285513.exe
Resource: win10-en-20211208
Malware Config
Extracted
C:\readme.txt
conti
http://contirec7nchr45rx6ympez5rjldibnqzh7lsa56lvjvaeywhvoj3wad.onion/jqiY9g2UHMjfDzJFXlnHZZuWl5nDPEznuJe1M4meXqioZx0jjn4ioMCKgKVlJVlM
Targets
Target: 9f190c1de8754a221279cf53d11e5dc2861aaa73811c30ae5a305185b7285513
Size: 495KB
MD5: cc04d165157eedf78af10d5b25eaa2ec
SHA1: e88015cd46fd20043196af1864de0c3c19e51001
SHA256: 9f190c1de8754a221279cf53d11e5dc2861aaa73811c30ae5a305185b7285513
SHA512: d016e5f19527b0c917e771da39e75d7454665878b67b88219e6f5712178b8418e3fed6636d1b989125ca16ee54b0b265b12208c851dc49ed503b0c3bc466b8c0
Score: 10/10
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)